Skip to main content

EncodingGuard

oxideshield_guard::guard

Struct EncodingGuard

pub struct EncodingGuard { /* private fields */ }

Expand description

Encoding guard to detect potentially malicious encodings.

When block_base64 is enabled and a decoded_content_matcher is provided, the guard will decode base64 candidates and run the decoded text through the matcher to detect threats hidden inside encoded payloads (F-002).

Security features:

Detects both padded and unpadded base64 candidates
Recursive decoding up to max_decode_depth layers to catch multi-encoded payloads
Configurable minimum candidate length (default: 8 chars)
Supports both STANDARD and URL_SAFE base64 alphabets

Implementations§

impl EncodingGuard

pub fn new(name: impl Into<String>) -> Self

Create a new encoding guard

pub fn block_unicode_escapes(self, block: bool) -> Self

Set whether to block unicode escapes

pub fn block_base64(self, block: bool) -> Self

Set whether to block base64

pub fn with_action(self, action: GuardAction) -> Self

Set the action

pub fn with_decoded_content_matcher(self, matcher: PatternMatcher) -> Self

Set a pattern matcher to run against decoded base64 content.

When base64-encoded text is detected and this matcher is set, the guard will decode the payload and check it for threats, catching attacks that hide prompt injections or jailbreaks inside base64 encoding.

pub fn with_max_decode_depth(self, depth: usize) -> Self

Set the maximum recursive decode depth (default: 3).

Attackers may nest base64 encoding multiple times to evade detection. This controls how many layers of encoding the guard will unwrap.

pub fn with_min_candidate_len(self, len: usize) -> Self

Set the minimum candidate length in chars (default: 8).

Strings shorter than this are not considered base64 candidates. Lower values catch shorter payloads but may increase false positives.

Trait Implementations§

impl Guard for EncodingGuard

fn name(&self) -> &str

Get the guard name

fn check(&self, content: &str) -> GuardCheckResult

Check content against this guard

fn action(&self) -> GuardAction

Get the action this guard takes on failure

fn severity_threshold(&self) -> Severity

Get the minimum severity that triggers this guard

Auto Trait Implementations§

impl Freeze for EncodingGuard

impl RefUnwindSafe for EncodingGuard

impl Send for EncodingGuard

impl Sync for EncodingGuard

impl Unpin for EncodingGuard

impl UnwindSafe for EncodingGuard

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<G> InstrumentGuard for G
where G: Guard,

fn instrumented(self) -> InstrumentedGuard<Self>

Wrap this guard with metrics instrumentation

fn instrumented_with( self, collector: Arc<GuardMetricsCollector>, ) -> InstrumentedGuard<Self>

Wrap this guard with a specific collector

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more